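CN114945900A - Process-based virtualization system for executing a secure application process - Google Patents

Process-based virtualization system for executing a secure application process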

Info

Publication number
CN114945900A
Authority
CN
China
Prior art keywords
secure
memory component
application
secure application
processing unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202080093368.0A
Other languages
English (en)
Chinese (zh)
Inventor
J. Leenstra
P. Mackerras
B. Herrenschmidt
B. Frey
J. Ludden
G. Hunt
D. Campbell
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp
Publication of CN114945900A
Current legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02 Addressing or allocation; Relocation
    • G06F12/08 Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/10 Address translation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30 Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30098 Register arrangements
    • G06F9/30101 Special purpose registers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)
CN202080093368.0A 2020-01-24 2020-12-10 Process-based virtualization system for executing a secure application process Pending CN114945900A (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US16/751,234 2020-01-24
US16/751,234 US11461474B2 (en) 2020-01-24 2020-01-24 Process-based virtualization system for executing a secure application process
PCT/IB2020/061730 WO2021148863A1 (en) 2020-01-24 2020-12-10 Process-based virtualization system for executing secure application process

Publications (1)

Publication Number Publication Date
CN114945900A (zh) 2022-08-26

Family

ID=76970173

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202080093368.0A Pending CN114945900A (zh) 2020-12-10 Process-based virtualization system for executing a secure application process

Country Status (5)

Country Link
US (1) US11461474B2 (ja)
CN (1) CN114945900A (ja)
DE (1) DE112020005517T5 (ja)
GB (1) GB2607529A (ja)
WO (1) WO2021148863A1 (ja)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11604673B2 (en) * 2020-07-30 2023-03-14 Red Hat, Inc. Memory encryption for virtual machines by hypervisor-controlled firmware
US12080409B2 (en) * 2020-12-07 2024-09-03 Stryker Corporation Secure software updates and architectures
US11847015B2 (en) * 2022-01-24 2023-12-19 Vmware, Inc. Mechanism for integrating I/O hypervisor with a combined DPU and server solution
JP7144819B1 (ja) * 2022-04-14 2022-09-30 AI inside Inc. Program, computer, system and method

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7484091B2 (en) 2004-04-29 2009-01-27 International Business Machines Corporation Method and system for providing a trusted platform module in a hypervisor environment
US9213566B2 (en) * 2008-11-26 2015-12-15 Red Hat, Inc. Implementing security in process-based virtualization
US8832820B2 (en) * 2012-06-25 2014-09-09 International Business Machines Corporation Isolation and security hardening among workloads in a multi-tenant networked environment
US9811364B2 (en) * 2013-06-13 2017-11-07 Microsoft Technology Licensing, Llc Thread operation across virtualization contexts
US10902112B2 (en) 2015-08-25 2021-01-26 Sekisui House, Ltd. System including a hypervisor
US10015278B2 (en) 2015-09-11 2018-07-03 Verizon Patent And Licensing Inc. Adaptive scheduling and orchestration in a networked environment
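CN105389197B (zh) 2015-10-13 2019-02-26 Beijing Baidu Netcom Science and Technology Co., Ltd. Operation capture method and apparatus for a container-based virtualization system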
US10210030B2 (en) * 2017-07-13 2019-02-19 Cyberark Software Ltd. Securely operating remote cloud-based applications
US10387686B2 (en) 2017-07-27 2019-08-20 International Business Machines Corporation Hardware based isolation for secure execution of virtual machines
US10296741B2 (en) 2017-07-27 2019-05-21 International Business Machines Corporation Secure memory implementation for secure execution of virtual machines
US10664592B2 (en) * 2018-03-22 2020-05-26 International Business Machines Corporation Method and system to securely run applications using containers
CN110059453B (zh) 2019-03-13 2021-02-05 Institute of Computing Technology, Chinese Academy of Sciences Container virtualization security hardening apparatus and method
US11176245B2 (en) * 2019-09-30 2021-11-16 International Business Machines Corporation Protecting workloads in Kubernetes

Also Published As

Publication number Publication date
DE112020005517T5 (de) 2022-09-01
US20210232693A1 (en) 2021-07-29
WO2021148863A1 (en) 2021-07-29
JP2023510773A (ja) 2023-03-15
GB2607529A (en) 2022-12-07
GB202212230D0 (en) 2022-10-05
US11461474B2 (en) 2022-10-04

Similar Documents

Publication Publication Date Title
US11467982B2 (en) Virtualization-based platform protection technology
US12001867B2 (en) Method and system for improving software container performance and isolation
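CN111638943B (zh) Apparatus and method with protected guest verification of host control
CN109783188B (zh) Cryptographic memory ownership table for a secure public cloud
CN107077428B (zh) Method, electronic system and computer storage medium for protecting application secrets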
US9946562B2 (en) System and method for kernel rootkit protection in a hypervisor environment
US11461474B2 (en) Process-based virtualization system for executing a secure application process
US20200409740A1 (en) Systems, methods, and media for trusted hypervisors
US8495750B2 (en) Filesystem management and security system
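KR101922798B1 (ko) Method and apparatus for creating a secure execution environment on a mobile device that ensures general applicability and interworking with TrustZone functions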
US10970100B2 (en) Starting a secure guest using an initial program load mechanism
US11436318B2 (en) System and method for remote attestation in trusted execution environment creation using virtualization technology
US11726922B2 (en) Memory protection in hypervisor environments
JP7573621B2 (ja) Process-based virtualization system for executing a secure application process
US11604673B2 (en) Memory encryption for virtual machines by hypervisor-controlled firmware
Aw Ideler Cryptography as a service in a cloud computing environment
US20230098991A1 (en) Systems, methods, and media for protecting applications from untrusted operating systems
US20240061697A1 (en) Providing trusted devices fine grained access into private memory of trusted execution environment
US20240330435A1 (en) Attesting on-the-fly encrypted root disks for confidential virtual machines
Thinh et al. Convergence in trusted computing and virtualized systems: A new dimension towards trusted intelligent system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination